I have had no trouble building PSK authorized tunnels betweeen my SRX and NS50(s), but I cannot seem to get certificate based VPNS to work at all. I have gone through all of the guides (including the one where the two devices' names are only one character different!!!), and still cannot make it work..

If someone has a working config of either end of this setup, tell me what you did and what the "gotcha's" are.

right now, my two certs were issued by different CA's (both my internal CAs). Both CA certificates have been loaded into both the NS50 and the SRX210. I'll have to rerun the test to get any debug output, i had traceoptions all on the SRX running for a while, but nothing on the NS50. I also registered at dyndns (for my aDSL ip/name resolution).

since i own both CA's I guess I can sign the device cert in both CAs.... I guess I'm going to have to break down and create my own internal subordinate CA....